Appl. No. 10/040,293
Amdt. dated April 22, 2008

Reply to Final Office Action of February 22, 2008

AFTER FINAL EXPEDITED PROCEDURE 

This listing of claims replaces all prior versions, and 
listings of claims in the instant application: 

Listing of Claims: 

1. (Previously Presented) A method for managing 
identification in a data communications network, the method 
comprising: 

receiving a portable user-controlled secure storage 
device; 

enrolling a user of said portable user-controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage
device to release said user data; and 

using said user data, from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service. 

2. (Previously Presented) A method for managing 
identification in a data communications network, the method 
comprising: 

receiving a portable user-controlled secure storage 
device;

enrolling a user of said portable user-controlled
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling, 
said user data comprising a first portion and a second 
portion, said first portion comprising a cryptogram 
computed based on said second portion; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage
device to release said user data; and 

using said user data, from said portable user- 
controlled secure storage, at a service provider network 
site to obtain a service. 

3. (Previously Presented) A method for managing
identification in a data communications network, the method 
comprising: 

presenting an identity credential request and data to 
be stored to a federated identity server via a client 
host; 

receiving an identity credential in response to said 
identity credential request, said identity credential 
comprising a randomized ID and an identification authority 
ID, said federated identity server capable of verifying 
the truthfulness, accuracy and completeness of said data 
to be stored;

presenting a service request and said identity 
credential to a service portal, said service portal 
configured to issue an authentication request to said 
federated identity server; 

receiving a logon credential in response to said 
service request, said login credential comprising an
indication of the client host used by the user; and 

using said logon credential to obtain a service from 
a service provider accessible via said service portal.

4. (Previously Presented) A computer program storage 
device including a tangible computer readable media having 
embodied therein a program of instructions executable by a 
processor to perform a method for managing identification in a 
data communications network, the method comprising: 

receiving a portable user-controlled secure storage
device; 

enrolling a user of said portable user-controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site;

receiving user data in response to said enrolling; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage 
device to release said user data; and 

using said user data, from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service.

5. (Previously Presented) A computer program storage 
device including a tangible computer readable media having 
embodied therein a program of instructions executable by a 
processor to perform a method for managing identification in a 
data communications network, the method comprising: 

receiving a portable user-controlled secure storage
device;

enrolling a user of said portable user-controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling, 
said user data comprising a first portion and a second 
portion, said first portion comprising a cryptogram 
computed based on said second portion; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage
device to release said user data; and

using said user data, from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service. 

6. (Previously Presented) A computer program storage 
device including a tangible computer readable media having 
embodied therein a program of instructions executable by a 
processor to perform a method for managing identification in a 
data communications network, the method comprising:

presenting an identity credential request and data to
be stored to a federated identity server via a client
host;

receiving an identity credential in response to said 
identity credential request, said identity credential 
comprising a randomized ID and an identification authority 
ID, said federated identity server capable of verifying 
the truthfulness, accuracy and completeness of said data 
to be stored; 

presenting a service request and said identity 
credential to a service portal, said service portal 
configured to issue an authentication request to said 
federated identity server; 

receiving a logon credential in response to said 
service request, said login credential comprising an 
indication of the client host used by the user; and 

using said logon credential to obtain a service from 
a service provider accessible via said service portal. 

7. (Previously Presented) An apparatus for managing
identification in a data communications network, the apparatus 
comprising: 

means for receiving a portable user-controlled secure
storage device; 

means for enrolling a user of said portable user- 
controlled secure storage device with an authority network 
site, said enrolling comprising providing information 
requested by said authority network site; 

means for receiving user data in response to said 
enrolling; 

means for storing said user data in said portable
user-controlled secure storage device; 

means for enabling said portable user-controlled 
secure storage device to release said user data; and 

means for using said user data, from said portable 
user-controlled secure storage device, at a service 
provider network site to obtain a service. 

8. (Previously Presented) An apparatus for managing
identification in a data communications network, the apparatus 
comprising:

means for receiving a portable user-controlled secure 
storage device; 

means for enrolling a user of said portable user- 
controlled secure storage device with an authority network 
site, said enrolling comprising providing information 
requested by said authority network site; 

means for receiving user data in response to said 
enrolling, said user data comprising a first portion and a 
second portion, said first portion comprising a cryptogram 
computed based on said second portion; 

means for storing said user data in said portable 
user-controlled secure storage device; 

means for enabling said portable user-controlled
secure storage device to release said user data; and 

means for using said user data, from said portable 
user-controlled secure storage device, at a service 
provider network site to obtain a service. 

9. (Previously Presented) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising: 

means for presenting an identity credential request 
and data to be stored to a federated identity server via a 
client host; 

means for receiving an identity credential in
response to said identity credential request, said 
identity credential comprising a randomized ID and an 
identification authority ID, said federated identity 
server capable of verifying the truthfulness, accuracy and 
completeness of said data to be stored; 

means for presenting a service request and said 
identity credential to a service portal, said service 
portal configured to issue an authentication request to 
said federated identity server; 

means for receiving a logon credential in response to 
said service request, said login credential comprising an 
indication of the client host used by the user; and 

means for using said logon credential to obtain a 
service from a service provider accessible via said 
service portal.
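As an added illustration that is not part of the application, the two-portion user-data layout recited in claims 2, 5 and 8 in Python: the authority site computes the first portion as a cryptogram over the second portion, the portable device releases the record only after the user enables release, and the service provider site recomputes the cryptogram before granting service. The choice of HMAC-SHA256 as the cryptogram, the key shared between authority and service provider, and the field names are assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key. Assumption: the authority and the service provider
# share it; the claims do not say how the cryptogram is keyed or verified.
AUTHORITY_KEY = b"constructed-demo-key"


def canonical(obj) -> bytes:
    # Deterministic encoding so the verifier recomputes exactly the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def enroll(user_fields: dict, key: bytes = AUTHORITY_KEY) -> dict:
    """Authority site: turn the information the user supplied into user data.
    Second portion = payload; first portion = cryptogram over that payload."""
    second_portion = {
        "randomized_id": secrets.token_hex(8),  # constructed per-enrollment id
        "fields": user_fields,
    }
    first_portion = hmac.new(key, canonical(second_portion), hashlib.sha256).hexdigest()
    return {"first_portion": first_portion, "second_portion": second_portion}


class SecureStorageDevice:
    """Stand-in for the portable user-controlled device: it holds the user
    data and releases it only after the user has enabled release."""

    def __init__(self) -> None:
        self._user_data = None
        self._enabled = False

    def store(self, user_data: dict) -> None:
        self._user_data = user_data

    def enable_release(self) -> None:
        self._enabled = True

    def release(self) -> dict:
        if not self._enabled or self._user_data is None:
            raise PermissionError("release has not been enabled by the user")
        return self._user_data


def service_provider_verify(user_data: dict, key: bytes = AUTHORITY_KEY) -> bool:
    """Service provider site: recompute the cryptogram over the second portion
    and compare it in constant time with the first portion before serving."""
    expected = hmac.new(key, canonical(user_data["second_portion"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, user_data["first_portion"])
```

A record whose second portion is altered after enrollment, or one presented to a provider holding a different key, fails verification.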